Week in Security: Wikileaks Extravaganza, New Ransomware and Open-Source Attacks

Type threatpost
Reporter Chris Brook
Modified 2015-04-13T17:08:25


It was difficult to go anywhere this week without hearing about the flurry of activity surrounding the Wikileaks data dump. A slew of denial-of-service attacks followed soon after, while new ransomware and attacks on open-source software filled out the rest of the week’s news. Read on for the week in review.

Wikileaks, once hosted on Amazon’s servers, was targeted by denial-of-service attacks early Sunday night. The attacks followed the posting of 250,000+ government documents dubbed “cablegate.” It was reported that hacker-activist ‘The Jester’ caused the first attack, knocking the site offline for hours, as a form of retribution against Wikileaks for “attempting to endanger the lives of our troops, other assets, and foreign relations.” Wikileaks suffered another attack on Tuesday as a second wave of DDoS attacks ravaged the site. While the attacks caused sporadic outages, none of them knocked the site offline like Sunday’s, when 2-4 gigabits of traffic per second hit the site.

News came quickly from “cablegate,” including details that helped explicitly tie China to this year’s Aurora attacks. The attacks, which targeted Google and to a lesser extent Adobe, were aimed at securing access to Chinese dissidents’ e-mails and allegedly trying to steal intellectual property.

Ransomware dominated the news this week, including a new version of the old GpCode that found its way onto computers. The malware demanded $120 to decrypt infected files. Unlike previous variants, the most recent resurrection leaves users with a very slim chance of getting their data back. On Tuesday a second breed of ransomware, Seftad, was detected. Unlike GpCode, however, Seftad overwrites the infected computer’s boot record and demands $100 to fix the problem.

The rest of the week was checkered with the usual holes and patches.

Open-source software bore the brunt of attacks, with both Savannah GNU and ProFTPD finding their websites compromised. Savannah’s site was hit with a SQL injection that allowed attackers to leak passwords and access old projects. ProFTPD’s server was backdoored through a bug in the software itself, leading to the distribution of backdoored copies of the software.
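The Savannah incident above is a password leak via SQL injection. As an added illustration (not code from the article or from the Savannah project, and using a constructed in-memory table rather than Savannah’s real schema), the following Python script shows the defect class side by side with its fix: a lookup that splices user input into the SQL text, and the same lookup using a bound parameter, run against the same crafted input.

```python
import sqlite3

# Constructed sample user store (hypothetical; not Savannah's schema).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash_a"), ("bob", "hash_b")],
    )
    conn.commit()
    return conn

def lookup_vulnerable(conn, name):
    # Defect: the caller's input becomes part of the SQL statement itself,
    # so a quote in the input can change the statement's structure.
    sql = "SELECT name, password_hash FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, name):
    # Fix: a bound parameter is sent as a value, never as SQL text, so the
    # statement's structure is fixed before the input is seen.
    return conn.execute(
        "SELECT name, password_hash FROM users WHERE name = ?", (name,)
    ).fetchall()

def demo():
    """Return (rows leaked by the vulnerable lookup, rows matched by the safe
    lookup, rows matched by the safe lookup for a legitimate name)."""
    conn = make_db()
    # Input containing a quote, which turns the WHERE clause into a tautology
    # when it is spliced into the SQL text.
    crafted = "x' OR '1'='1"
    leaked = lookup_vulnerable(conn, crafted)  # every row, hashes included
    safe = lookup_safe(conn, crafted)          # no user has that literal name
    legit = lookup_safe(conn, "alice")         # exactly one row
    return len(leaked), len(safe), len(legit)

if __name__ == "__main__":
    print(demo())  # (2, 0, 1)
```

The point for a maintainer is that the fix is structural, not a matter of filtering characters: once every query is parameterised, there is no code path through which input can reach the SQL parser as text, which is the property to check for in a site’s codebase after an incident like this.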

It wouldn’t be a week in security without a few fixes. Adobe teamed up with Google on Wednesday to release a new version of Chrome that allows a sandboxed version of Flash to run in the browser. Adobe, who recently released their Reader X with an accompanying sandbox, sees the new venture as the latest line of additional defense to help protect their end-users.

WordPress had an update on Wednesday as well, releasing version 3.0.2 of its blogging platform. The patch fixed a “moderate” hole that could have allowed users to take over blogs on a larger scale.

What caught your interest this week? On Thursday George Hulme took a look at the data and privacy problems that stem from employees trying to incorporate their personal technology into a work environment. On Monday, Alex Hutton wrote a primer on InfoSec, breaking down the term to examine it as a hypothetical construct.